Job description

Overview Job Description: SharePoint Security Architect Location: Remote (Denver CO ; occasional on-site workshops possible) Role Summary SharePoint Security Architect (Contract) focused on discovery and future state recommendations for a large enterprise SharePoint Online environment. This role is heavily assessment-driven: you will map the tenant, identify architectural and security gaps, and produce deliverables including a Gap Register, Data Exposure Catalog, Architecture Map, and a Future State Recommendations Report. You will be hands-on with discovery, confident in stakeholder engagement, and able to translate complex findings into clear, actionable reports. Responsibilities Discovery and Analysis Inventory and map the entire SharePoint Online estate (sites, hubs, Teams-backed sites, channel sites, OneDrive interactions). Extract and analyze site and library permissions, identify inheritance breaks, and highlight excessive role assignments. Enumerate all external sharing links, classify by type (Anyone, Org-wide, Specific People), and review expiry posture. Catalog guest accounts and sponsorship status; identify stale or unmanaged guests. Review tenant and site-level settings affecting external collaboration. Assess adoption of sensitivity labels, DLP coverage, retention/records configuration, and conflicts. Evaluate monitoring and logging posture, Unified Audit Log retention, and SIEM routing. Inventory third-party applications, OAuth consents, and risky Power Automate flows. Gap Register and Reporting Produce a Gap Register: clear gap statements with evidence, risk scoring (severity/likelihood), business impact, and suggested owners. Build a Data Exposure Catalog for sensitive libraries and their exposure posture. Deliver an Architecture Map showing current hubs, sites, and high-risk clusters. Develop an Executive Heat Map of the top 10 risks. Future State Recommendations Define a target SharePoint security and governance model: Site provisioning, ownership, and lifecycle controls. External collaboration model (guest lifecycle, expirations, access reviews). Baseline tenant and site settings for sharing, links, and unmanaged device sessions. Content protection model (sensitivity labels, auto-labeling, DLP tiers, retention standards). Monitoring and alerting strategy with dashboards and escalation paths. Outline a phased roadmap with quick wins, 90-day baselines, and a 6-month uplift. Communication and Stakeholder Engagement Lead technical workshops with admins, security engineering, and business data owners. Translate technical findings into business-focused risks and recommendations. Produce polished deliverables: Discovery Workbook, Gap Register, Recommendations Report, and executive presentation decks. Required Skills and Experience 7+ years of experience with Microsoft 365 and SharePoint Online in large, enterprise environments. Proven track record leading at least two tenant-wide SharePoint security or architecture assessments. Strong understanding of Microsoft Entra ID (Azure AD) identity and access controls: Conditional Access, PIM, access reviews, cross-tenant access. Hands-on expertise with Microsoft Purview: sensitivity labels, DLP, retention, records management. Knowledge of Microsoft Defender for Cloud Apps and Defender for Office 365. Strong familiarity with Unified Audit Log, KQL queries, and SIEM integrations. Experience auditing app consents and Power Automate flows for data leakage risk. Proficiency with PnP.PowerShell, Microsoft Graph, and PowerShell scripting. Exceptional ability to produce clean, evidence-driven documentation and reports. Preferred Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) Microsoft Certified: Information Protection Administrator Associate (SC-400) Microsoft Certified: Security Engineer Associate (AZ-500) CISSP or CCSP (optional, for broader security framing) Core Attributes Analytical, detail-oriented, and evidence-driven. Skilled at stakeholder communication and risk storytelling. Strong documentation and executive presentation skills. Comfortable with ambiguity; able to structure unorganized environments. #J-18808-Ljbffr Source Infotech

Requirements